Contents

Event rules

SAVE AS PDF

Event rules

Use event rules to generate alerts for tracking and remediation. Event rules are
stored in the Event Rule [em_match_rule] table. Configure and customize event rules to
manage events and alert generation.

Event rules do not change the event records in the Event table. Changes to event data are
stored in the ServiceNow instance
memory.

Use the Event rule designer to create and configure event rules. See the following video:

Event rule designer

You can use the default event rules or event rules that you have created to:

Apply an event rule filter to determine whether the rule applies to an
event.

Define a filter to restrict to which events the event rule must apply. Configure the filter by providing a set of conditions that each event must match to be either excluded or included from applying to the event rule.

You can configure an event rule to customize alert content. You can customize the order of the fields and select which fields display. The fields in the left-hand workarea of the Transform and Compose Alert Output section of an event rule are the fields that appear in the generated alert.

If Event Management receives multiple events for a device in a short period, it might indicate a serious condition, so you might want an alert to be generated. However, if events for a device are received at longer intervals, the condition might not be serious, so you might want to suppress alert generation. The threshold is the rate where Event Management generates an alert.

When alerts are associated with CIs, the task of remediation is simplified. During alert generation, Event Management uses event rules and other mechanisms to automatically bind alerts to CI information from the CMDB. For tracking purposes and remediation, the alert shows information about the CI that caused the event.

Event groups are sets of events that do not have a matching event rule. You can view the patterns in a group of events to learn the impact of creating a rule based on the event source and description patterns.